Merge pull request #19 from Colin-b/development

Release 4.0.0
Colin-b · Dec 16, 2018 · 979f9b4 · 979f9b4
2 parents a1b1a59 + 33ce157
commit 979f9b4
Show file tree

Hide file tree

Showing 7 changed files with 502 additions and 582 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,24 @@ List all changes in various categories:
 * Bug fixes
 * Known issues
 
+## 4.0.0 (2018-12-16) ##
+
+### Release notes ###
+
+- str representation of authentication classes are not prefixed by "authentication." anymore.
+- [OAuth2] Implicit flow is now expecting token in access_token field by default (or id_token if response_type is id_token). This can be overridden thanks to new token_field_name parameter. Previous behavior was to expect a token named the same way than response_type (or token)
+- [OAuth2] Authorization code flow provides a new code_field_name parameter to know in what field code should be expected. Default value is code. Previous behavior was to expect a code named the same way than response_type (or code)
+- [Azure AD] Implicit class now provides Access Token by default. Use new IdToken class to request OpenID Connect ID Token.
+- [Okta] Implicit class now provides Access Token by default. Use new IdToken class to request OpenID Connect ID Token.
+
+### Bug fixes ###
+
+- [OAuth2] Implicit flow is now ensuring that response_type is set in query. Default value is token.
+- [OAuth2] Authorization code flow is now ensuring that response_type is set in query. Default value is token.
+- [Azure AD] Allow to override response_type.
+- [Azure AD] Allow to override expected token name.
+- [Okta] Allow to override expected token name.
+
 ## 3.0.0 (2018-11-13) ##
 
 ### Release notes ###

diff --git a/README.md b/README.md
diff --git a/requests_auth/__init__.py b/requests_auth/__init__.py
@@ -11,7 +11,9 @@
 
     OAuth2Implicit,
     OktaImplicit,
+    OktaImplicitIdToken,
     AzureActiveDirectoryImplicit,
+    AzureActiveDirectoryImplicitIdToken,
 
     OAuth2AuthorizationCode,
 

diff --git a/requests_auth/_version.py b/requests_auth/_version.py
@@ -3,4 +3,4 @@
 # Major should be incremented in case there is a breaking change. (eg: 2.5.8 -> 3.0.0)
 # Minor should be incremented in case there is an enhancement. (eg: 2.5.8 -> 2.6.0)
 # Patch should be incremented in case there is a bug fix. (eg: 2.5.8 -> 2.5.9)
-__version__ = "3.0.0"
+__version__ = "4.0.0"
diff --git a/requests_auth/authentication.py b/requests_auth/authentication.py
diff --git a/tests/authenticated_test_service.py b/tests/authenticated_test_service.py
@@ -36,16 +36,22 @@ def post_token_as_my_custom_token():
     return submit_a_form_with_a_token(expiry_in_1_hour, 'custom_token')
 
 
-@app.route('/provide_token_as_token')
-def post_token_as_token():
+@app.route('/provide_token_as_access_token')
+def post_token_as_access_token():
     expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
-    return submit_a_form_with_a_token(expiry_in_1_hour, 'token')
+    return submit_a_form_with_a_token(expiry_in_1_hour, 'access_token')
 
 
-@app.route('/provide_token_as_anchor_token')
+@app.route('/provide_token_as_id_token')
+def post_token_as_id_token():
+    expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
+    return submit_a_form_with_a_token(expiry_in_1_hour, 'id_token')
+
+
+@app.route('/provide_token_as_anchor_access_token')
 def get_token_as_anchor_token():
     expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
-    return redirect_with_a_token(expiry_in_1_hour, 'token')
+    return redirect_with_a_token(expiry_in_1_hour, 'access_token')
 
 
 @app.route('/provide_code_as_anchor_code')
@@ -64,16 +70,16 @@ def get_access_token():
     })
 
 
-@app.route('/provide_token_as_token_but_without_providing_state')
+@app.route('/provide_token_as_access_token_but_without_providing_state')
 def post_without_state():
     expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
-    return submit_a_form_without_state(expiry_in_1_hour, 'token')
+    return submit_a_form_without_state(expiry_in_1_hour, 'access_token')
 
 
-@app.route('/provide_token_as_anchor_token_but_without_providing_state')
+@app.route('/provide_token_as_anchor_access_token_but_without_providing_state')
 def get_token_as_anchor_token_without_state():
     expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
-    return redirect_with_a_token_without_state(expiry_in_1_hour, 'token')
+    return redirect_with_a_token_without_state(expiry_in_1_hour, 'access_token')
 
 
 @app.route('/do_not_provide_token')
@@ -90,19 +96,19 @@ def get_without_token():
 def post_token_quick_expiry():
     if already_asked_for_quick_expiry[0]:
         expiry_in_1_hour = datetime.datetime.utcnow() + datetime.timedelta(hours=1)
-        return submit_a_form_with_a_token(expiry_in_1_hour, 'token')
+        return submit_a_form_with_a_token(expiry_in_1_hour, 'access_token')
     else:
         already_asked_for_quick_expiry[0] = True
         expiry_in_1_second = datetime.datetime.utcnow() + datetime.timedelta(seconds=1)
-        return submit_a_form_with_a_token(expiry_in_1_second, 'token')
+        return submit_a_form_with_a_token(expiry_in_1_second, 'access_token')
 
 
 @app.route('/do_not_redirect')
 def close_page_so_that_client_timeout_waiting_for_token():
     return close_page()
 
 
-def submit_a_form_with_a_token(token_expiry, response_type):
+def submit_a_form_with_a_token(token_expiry, token_field_name):
     redirect_uri = request.args.get('redirect_uri')
     state = request.args.get('state')
     token = create_token(token_expiry)
@@ -120,7 +126,7 @@ def submit_a_form_with_a_token(token_expiry, response_type):
         <script language="javascript">document.forms[0].submit();</script>
     </body>
 </html>
-        """.format(redirect_uri, response_type, token, state)
+        """.format(redirect_uri, token_field_name, token, state)
 
 
 def redirect_with_a_token(token_expiry, response_type):